@openhi/constructs 0.0.69 → 0.0.71

package/lib/index.mjs

@@ -649,6 +649,86 @@ var PreTokenGenerationLambda = class extends Construct {
   }
 };
 
+// src/components/dynamodb/data-store-historical-archive.ts
+import fs2 from "fs";
+import path2 from "path";
+import { Duration, RemovalPolicy as RemovalPolicy2, Size } from "aws-cdk-lib";
+import * as kinesisfirehose from "aws-cdk-lib/aws-kinesisfirehose";
+import { Runtime as Runtime2 } from "aws-cdk-lib/aws-lambda";
+import { NodejsFunction as NodejsFunction2 } from "aws-cdk-lib/aws-lambda-nodejs";
+import * as s3 from "aws-cdk-lib/aws-s3";
+import { Construct as Construct2 } from "constructs";
+var HANDLER_NAME2 = "firehose-archive-transform.handler.js";
+function resolveHandlerEntry2(dirname) {
+  const sameDir = path2.join(dirname, HANDLER_NAME2);
+  if (fs2.existsSync(sameDir)) {
+    return sameDir;
+  }
+  return path2.join(dirname, "..", "..", "..", "lib", HANDLER_NAME2);
+}
+var DataStoreHistoricalArchive = class extends Construct2 {
+  constructor(scope, id, props) {
+    super(scope, id);
+    this.archiveBucket = new s3.Bucket(this, "ArchiveBucket", {
+      blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
+      encryption: s3.BucketEncryption.S3_MANAGED,
+      enforceSSL: true,
+      removalPolicy: props.removalPolicy,
+      autoDeleteObjects: props.removalPolicy === RemovalPolicy2.DESTROY,
+      versioned: true
+    });
+    this.transformFunction = new NodejsFunction2(this, "FirehoseTransform", {
+      entry: resolveHandlerEntry2(__dirname),
+      runtime: Runtime2.NODEJS_LATEST,
+      memorySize: 512,
+      timeout: Duration.minutes(1),
+      description: "Firehose transform: filter CURRENT resource rows, S3 dynamic partition keys",
+      bundling: {
+        minify: true,
+        sourceMap: false
+      }
+    });
+    const processor = new kinesisfirehose.LambdaFunctionProcessor(
+      this.transformFunction,
+      {
+        bufferInterval: Duration.seconds(60),
+        bufferSize: Size.mebibytes(3),
+        retries: 3
+      }
+    );
+    const destination = new kinesisfirehose.S3Bucket(this.archiveBucket, {
+      compression: kinesisfirehose.Compression.GZIP,
+      bufferingInterval: Duration.seconds(300),
+      // Firehose requires SizeInMBs ≥ 64 when dynamic partitioning is enabled.
+      bufferingSize: Size.mebibytes(64),
+      processors: [processor],
+      errorOutputPrefix: "errors/!{firehose:error-output-type}/!{timestamp:yyyy/MM/dd/HH}/",
+      loggingConfig: new kinesisfirehose.EnableLogging()
+    });
+    this.deliveryStream = new kinesisfirehose.DeliveryStream(
+      this,
+      "ArchiveDeliveryStream",
+      {
+        deliveryStreamName: `openhi-dstore-arch-${props.stackHash}`,
+        source: new kinesisfirehose.KinesisStreamSource(props.kinesisStream),
+        destination
+      }
+    );
+    const cfn = this.deliveryStream.node.defaultChild;
+    cfn.addPropertyOverride(
+      "ExtendedS3DestinationConfiguration.DynamicPartitioningConfiguration",
+      {
+        Enabled: true,
+        RetryOptions: { DurationInSeconds: 300 }
+      }
+    );
+    cfn.addPropertyOverride(
+      "ExtendedS3DestinationConfiguration.Prefix",
+      "!{partitionKeyFromLambda:tenantId}/!{partitionKeyFromLambda:workspaceId}/!{partitionKeyFromLambda:resourceType}/!{partitionKeyFromLambda:resourceId}/!{partitionKeyFromLambda:version}/"
+    );
+  }
+};
+
 // src/components/dynamodb/dynamo-db-data-store.ts
 import {
   AttributeType,
@@ -776,7 +856,7 @@ var OpsEventBus = class _OpsEventBus extends EventBus2 {
 };
 
 // src/components/route-53/child-hosted-zone.ts
-import { Duration } from "aws-cdk-lib";
+import { Duration as Duration2 } from "aws-cdk-lib";
 import {
   HostedZone,
   NsRecord
@@ -788,7 +868,7 @@ var ChildHostedZone = class extends HostedZone {
       zone: props.parentHostedZone,
       recordName: this.zoneName,
       values: this.hostedZoneNameServers || [],
-      ttl: Duration.minutes(5)
+      ttl: Duration2.minutes(5)
     });
   }
 };
@@ -798,8 +878,8 @@ var ChildHostedZone = class extends HostedZone {
 ChildHostedZone.SSM_PARAM_NAME = "CHILDHOSTEDZONE";
 
 // src/components/route-53/root-hosted-zone.ts
-import { Construct as Construct2 } from "constructs";
-var RootHostedZone = class extends Construct2 {
+import { Construct as Construct3 } from "constructs";
+var RootHostedZone = class extends Construct3 {
 };
 
 // src/components/static-hosting/static-hosting.ts
@@ -808,16 +888,16 @@ import {
   Distribution
 } from "aws-cdk-lib/aws-cloudfront";
 import { S3BucketOrigin } from "aws-cdk-lib/aws-cloudfront-origins";
-import { Bucket } from "aws-cdk-lib/aws-s3";
-import { Duration as Duration2 } from "aws-cdk-lib/core";
-import { Construct as Construct3 } from "constructs";
+import { Bucket as Bucket2 } from "aws-cdk-lib/aws-s3";
+import { Duration as Duration3 } from "aws-cdk-lib/core";
+import { Construct as Construct4 } from "constructs";
 var STATIC_HOSTING_SERVICE_TYPE = "website";
-var _StaticHosting = class _StaticHosting extends Construct3 {
+var _StaticHosting = class _StaticHosting extends Construct4 {
   constructor(scope, id, props = {}) {
     super(scope, id);
     const stack = OpenHiService.of(scope);
     const serviceType = props.serviceType ?? STATIC_HOSTING_SERVICE_TYPE;
-    this.bucket = new Bucket(this, "bucket", {
+    this.bucket = new Bucket2(this, "bucket", {
       blockPublicAccess: {
         blockPublicAcls: true,
         blockPublicPolicy: true,
@@ -830,9 +910,9 @@ var _StaticHosting = class _StaticHosting extends Construct3 {
     const cachePolicy = new CachePolicy(this, "cache-policy", {
       cachePolicyName: `static-hosting-10s-${stack.branchHash}`,
       comment: "Low TTL (10s) for static hosting; no invalidation",
-      defaultTtl: Duration2.seconds(10),
-      minTtl: Duration2.seconds(0),
-      maxTtl: Duration2.seconds(10)
+      defaultTtl: Duration3.seconds(10),
+      minTtl: Duration3.seconds(0),
+      maxTtl: Duration3.seconds(10)
     });
     this.distribution = new Distribution(this, "distribution", {
       defaultBehavior: {
@@ -1141,11 +1221,12 @@ import {
   RecordTarget
 } from "aws-cdk-lib/aws-route53";
 import { ApiGatewayv2DomainProperties } from "aws-cdk-lib/aws-route53-targets";
-import { Duration as Duration3 } from "aws-cdk-lib/core";
+import { Duration as Duration4 } from "aws-cdk-lib/core";
 
 // src/services/open-hi-data-service.ts
-import { Table as Table2 } from "aws-cdk-lib/aws-dynamodb";
+import { StreamViewType, Table as Table2 } from "aws-cdk-lib/aws-dynamodb";
 import { EventBus as EventBus3 } from "aws-cdk-lib/aws-events";
+import * as kinesis from "aws-cdk-lib/aws-kinesis";
 var _OpenHiDataService = class _OpenHiDataService extends OpenHiService {
   /**
    * Returns the data event bus by name (deterministic per branch). Use from other stacks to obtain an IEventBus reference.
@@ -1181,7 +1262,24 @@ var _OpenHiDataService = class _OpenHiDataService extends OpenHiService {
     this.props = props;
     this.dataEventBus = this.createDataEventBus();
     this.opsEventBus = this.createOpsEventBus();
+    this.dataStoreChangeStream = new kinesis.Stream(
+      this,
+      "data-store-change-stream",
+      {
+        streamName: `openhi-dstore-cdc-${this.branchHash}`,
+        streamMode: kinesis.StreamMode.ON_DEMAND
+      }
+    );
     this.dataStore = this.createDataStore();
+    this.dataStoreHistoricalArchive = new DataStoreHistoricalArchive(
+      this,
+      "data-store-historical-archive",
+      {
+        kinesisStream: this.dataStoreChangeStream,
+        removalPolicy: this.removalPolicy,
+        stackHash: this.stackHash
+      }
+    );
   }
   /**
    * Creates the data event bus.
@@ -1202,59 +1300,62 @@ var _OpenHiDataService = class _OpenHiDataService extends OpenHiService {
    * Override to customize.
    */
   createDataStore() {
-    return new DynamoDbDataStore(this, "dynamo-db-data-store");
+    return new DynamoDbDataStore(this, "dynamo-db-data-store", {
+      kinesisStream: this.dataStoreChangeStream,
+      stream: StreamViewType.NEW_AND_OLD_IMAGES
+    });
   }
 };
 _OpenHiDataService.SERVICE_TYPE = "data";
 var OpenHiDataService = _OpenHiDataService;
 
 // src/data/lambda/cors-options-lambda.ts
-import fs2 from "fs";
-import path2 from "path";
-import { Runtime as Runtime2 } from "aws-cdk-lib/aws-lambda";
-import { NodejsFunction as NodejsFunction2 } from "aws-cdk-lib/aws-lambda-nodejs";
-import { Construct as Construct4 } from "constructs";
-var HANDLER_NAME2 = "cors-options-lambda.handler.js";
-function resolveHandlerEntry2(dirname) {
-  const sameDir = path2.join(dirname, HANDLER_NAME2);
-  if (fs2.existsSync(sameDir)) {
+import fs3 from "fs";
+import path3 from "path";
+import { Runtime as Runtime3 } from "aws-cdk-lib/aws-lambda";
+import { NodejsFunction as NodejsFunction3 } from "aws-cdk-lib/aws-lambda-nodejs";
+import { Construct as Construct5 } from "constructs";
+var HANDLER_NAME3 = "cors-options-lambda.handler.js";
+function resolveHandlerEntry3(dirname) {
+  const sameDir = path3.join(dirname, HANDLER_NAME3);
+  if (fs3.existsSync(sameDir)) {
     return sameDir;
   }
-  const fromLib = path2.join(dirname, "..", "..", "..", "lib", HANDLER_NAME2);
+  const fromLib = path3.join(dirname, "..", "..", "..", "lib", HANDLER_NAME3);
   return fromLib;
 }
-var CorsOptionsLambda = class extends Construct4 {
+var CorsOptionsLambda = class extends Construct5 {
   constructor(scope, id = "cors-options-lambda") {
     super(scope, id);
-    this.lambda = new NodejsFunction2(this, "handler", {
-      entry: resolveHandlerEntry2(__dirname),
-      runtime: Runtime2.NODEJS_LATEST,
+    this.lambda = new NodejsFunction3(this, "handler", {
+      entry: resolveHandlerEntry3(__dirname),
+      runtime: Runtime3.NODEJS_LATEST,
       memorySize: 128
     });
   }
 };
 
 // src/data/lambda/rest-api-lambda.ts
-import fs3 from "fs";
-import path3 from "path";
-import { Runtime as Runtime3 } from "aws-cdk-lib/aws-lambda";
-import { NodejsFunction as NodejsFunction3 } from "aws-cdk-lib/aws-lambda-nodejs";
-import { Construct as Construct5 } from "constructs";
-var HANDLER_NAME3 = "rest-api-lambda.handler.js";
-function resolveHandlerEntry3(dirname) {
-  const sameDir = path3.join(dirname, HANDLER_NAME3);
-  if (fs3.existsSync(sameDir)) {
+import fs4 from "fs";
+import path4 from "path";
+import { Runtime as Runtime4 } from "aws-cdk-lib/aws-lambda";
+import { NodejsFunction as NodejsFunction4 } from "aws-cdk-lib/aws-lambda-nodejs";
+import { Construct as Construct6 } from "constructs";
+var HANDLER_NAME4 = "rest-api-lambda.handler.js";
+function resolveHandlerEntry4(dirname) {
+  const sameDir = path4.join(dirname, HANDLER_NAME4);
+  if (fs4.existsSync(sameDir)) {
     return sameDir;
   }
-  const fromLib = path3.join(dirname, "..", "..", "..", "lib", HANDLER_NAME3);
+  const fromLib = path4.join(dirname, "..", "..", "..", "lib", HANDLER_NAME4);
   return fromLib;
 }
-var RestApiLambda = class extends Construct5 {
+var RestApiLambda = class extends Construct6 {
   constructor(scope, props) {
     super(scope, "rest-api-lambda");
-    this.lambda = new NodejsFunction3(this, "handler", {
-      entry: resolveHandlerEntry3(__dirname),
-      runtime: Runtime3.NODEJS_LATEST,
+    this.lambda = new NodejsFunction4(this, "handler", {
+      entry: resolveHandlerEntry4(__dirname),
+      runtime: Runtime4.NODEJS_LATEST,
       memorySize: 1024,
       environment: {
         DYNAMO_TABLE_NAME: props.dynamoTableName,
@@ -1484,7 +1585,7 @@ var _OpenHiRestApiService = class _OpenHiRestApiService extends OpenHiService {
         "Authorization"
       ],
       allowCredentials: cors.allowCredentials ?? true,
-      maxAge: cors.maxAge ?? Duration3.days(1),
+      maxAge: cors.maxAge ?? Duration4.days(1),
       ...cors.exposeHeaders !== void 0 && {
         exposeHeaders: cors.exposeHeaders
       }
@@ -1555,6 +1656,7 @@ export {
   CognitoUserPoolDomain,
   CognitoUserPoolKmsKey,
   DataEventBus,
+  DataStoreHistoricalArchive,
   DiscoverableStringParameter,
   DynamoDbDataStore,
   OpenHiApp,